Safer Email Interaction
This page provides some tips to help you assess the trustworthiness of an email. It is important to remember that cybercrime is dynamic - perpetrators are continually assessing countermeasures and adjusting their techniques accordingly. As a potential victim, you should adapt in the same way - consider the advice to be illustrative of principles, rather than examples to be followed verbatim.
Keeping yourself secure online has a cost outside of the financial cost. It is possible to develop 'online security fatigue'. The most sustainable approach is to apply as much security effort as is appropriate for the context, erring on the side of security if uncertain.
When dealing with an email, the safest approach is to not interact with it: don't reply to it, don't click on any links, don't open any attachments. Unfortunately, this is not a particularly practical approach for many legitimate scenarios.
Analysing senders and recipients
Check the sender's address, not the displayed name. If possible, try to do this on a desktop/laptop client rather than on a mobile phone client. Mobile phone clients can be selective about what information they show in this regard, so as to make the most efficient use of the limited screen space available.
If you have received email from the sender before, are they using the same address as before?
If the email purports to be from an organisation (Facebook, Amazon, your bank), look at the domain of the email address (i.e. the part after the '@'). The majority of businesses will use an email domain that is a reference to their organisation name and will not use a 'free' email provider (gmail.com, yahoo.com, outlook.com etc.). So, someone who works at Amazon is much more likely to send an email from an address such as `email@example.com` and not `firstname.lastname@example.org`.
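The checks in this section can also be run mechanically over a `From:` header. The following Python sketch is an added example, not part of the original page; the function name `assess_sender`, the short free-provider list and the sample headers are assumptions constructed for illustration.

```python
from email.utils import parseaddr

# Assumption: a short sample of free webmail domains; extend the set for real use.
FREE_PROVIDERS = {"gmail.com", "yahoo.com", "outlook.com"}

def assess_sender(from_header, org_domains=(), known_addresses=()):
    """Return a list of warnings for one From: header value.

    org_domains:     domains the purported organisation is known to use
    known_addresses: addresses this sender has used with you before
    """
    display_name, address = parseaddr(from_header)
    address = address.lower()
    local, _, domain = address.rpartition("@")
    if not local or not domain:
        return ["no usable address in the From header"]

    warnings = []
    if org_domains:
        if domain in FREE_PROVIDERS:
            warnings.append(f"organisation mail sent from free provider {domain}")
        elif not any(domain == d or domain.endswith("." + d) for d in org_domains):
            warnings.append(f"domain {domain} is not one the organisation uses")
    # A displayed name that looks like an address can hide the real one.
    if "@" in display_name and address not in display_name.lower():
        warnings.append("displayed name shows a different address")
    if known_addresses and address not in {a.lower() for a in known_addresses}:
        warnings.append("address differs from the one used before")
    return warnings

# Constructed sample headers (not real messages).
SAMPLES = [
    ('"Example Bank" <alerts@bank.example>', ("bank.example",), ()),
    ('"Example Bank" <example.bank.alerts@gmail.com>', ("bank.example",), ()),
    ('"alerts@bank.example" <alerts@bank-example.test>', ("bank.example",), ()),
    ('"Pat Lee" <pat.lee@yahoo.com>', (), ("pat@lee.example",)),
]

if __name__ == "__main__":
    for header, orgs, known in SAMPLES:
        print(header, "->", assess_sender(header, orgs, known) or "no warnings")
```

An empty list means only that none of these particular checks fired; it is not a statement that the message is trustworthy.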
Dealing with links in the email content
The most important thing to remember is to never left-click on a link:
If the email purports to be from an organisation that you have a relationship with (e.g. Facebook, Amazon, your employer, your bank), then you should navigate directly to the site in question in your browser. For example, if the mail relates to a suspicious activity on your account, there will most likely be a way to look at that information once you have logged in to the site.
If the link is to something that is searchable (e.g. a YouTube video of 'Kitten Rescue Cat Cam'), try to search for it yourself using your preferred search engine.
If neither of these options is viable, right-click on the link and select Copy Url. Paste the link into the simplest text editor you have available - an application such as Notepad is ideal. Now, try to determine the trustworthiness of the URL by using the following steps.